Insufficient data authenticity validation
Description
The application does not control on the server if someone have permission to modify certain fields and allows to use invalid data in some fields, for example non-existing names.
Impact
Inject potentially malicious characters into application fields.
Recommendation
Validate on the server side the types of data that are entered into different types of fields in the application.
Threat
Authorized user from Internet.
Expected Remediation Time
⏱️ 60 minutes.